Cov Financial Serviceshttps://www.covfinancialservices.com
Developments in the Financial Services IndustryThu, 21 Feb 2019 19:48:30 +0000en-UShourly1https://wordpress.org/?v=4.9.9U.S. Treasury Department States It “Does Not Expect” U.S. Financial Institutions to Follow E.U.’s High-Risk Jurisdiction Listhttps://www.covfinancialservices.com/2019/02/u-s-treasury-department-states-it-does-not-expect-u-s-financial-institutions-to-follow-e-u-s-high-risk-jurisdiction-list/
Thu, 21 Feb 2019 19:48:30 +0000https://www.covfinancialservices.com/?p=8076Continue Reading]]>On February 13, the European Commission published a list of 23 jurisdictions that it views as posing “significant threats to the financial system of the [European] Union” in the area of anti-money laundering and counter-terrorist financing (“AML/CFT”). On the same day, the U.S. Treasury Department issued a press statement in which it advised that it “does not expect U.S. financial institutions to take the European Commission’s list into account in their AML/CFT policies and procedures.”

The press statement specifically criticized the Commission for going beyond the jurisdictions that the Financial Action Task Force has designated as “high-risk” or “monitored” jurisdictions, and identifying an additional 11 jurisdictions as “high risk.” These additional jurisdictions include Saudi Arabia — a country that generates significant international payments activity — as well as Panama and four U.S. territories (American Samoa, Guam, Puerto Rico, and the U.S. Virgin Islands). These jurisdictions were selected based on what the Commission described as “strategic deficiencies” in their AML/CFT infrastructure, including, for example, perceived inadequacies in the enforcement of AML/CFT laws and in practices related to customer due diligence and the identification of ultimate beneficial owners.

The Treasury Department’s criticism of the Commission’s list is significant in part because the U.S. Financial Crimes Enforcement Network (“FinCEN”), which exercises regulatory and enforcement authority over AML issues, is a bureau of the Treasury Department. At the same time, the Treasury Department’s statement was published as a press statement, not as regulatory guidance, and both FinCEN and other relevant Treasury Department components (including the Office of the Comptroller of the Currency) have strong traditions of independence from the Treasury Department itself. Moreover, it is not clear whether other relevant agencies outside the Treasury Department — such as the Federal Reserve and state regulators — share the Treasury Department’s view.

The influence of the Commission’s list outside the E.U. will depend not only on the reaction of these various U.S. regulators, but also on the reception the list receives in other major financial centers around the world.

]]>CFTC Announces 2019 Examination Priorities for the First Timehttps://www.covfinancialservices.com/2019/02/cftc-announces-2019-examination-priorities-for-the-first-time/
Fri, 15 Feb 2019 20:30:54 +0000https://www.covfinancialservices.com/?p=8073Continue Reading]]>On February 12, 2019, for the first time in its history, the Commodity Futures Trading Commission (“CFTC”) announced the release of 2019 examination priorities for each of its regulatory Divisions. CFTC Chairman J. Christopher Giancarlo stated that “[t]his first-ever publication of division examination priorities is in line with Project KISS and other agency initiatives to improve the relationship between the agency and the entities it regulates, while promoting a culture of compliance at our registrants.” Other regulatory agencies, such as the U.S. Securities and Exchange Commission (“SEC”) and the Financial Industry Regulatory Authority (“FINRA”), traditionally publish annual examination priorities. The CFTC 2019 examination priorities focus on ensuring that CFTC registrants have sufficient compliance mechanisms in place to effectively self-regulate in accordance with the CFTC’s regulatory priorities. Registrants should consider this announcement as signaling an increase in the CFTC’s attention to its supervisory efforts and as a potential precursor to increased enforcement activity.

Division of Market Oversight (“DMO”)

The Compliance Branch of the DMO published its 2019 Examination Priorities (the “DMO Priorities”) separately from the other CFTC Divisions, and stated that it will release these priorities annually. While the DMO is charged with oversight and examination of both registered designated contract markets (“DCMs”) and swap execution facilities (“SEFs”), the DMO Priorities indicate that the Compliance Branch will be focused on “more frequent and prompt” compliance examinations of DCMs in 2019, anticipating that most DCMs will undergo at least one examination in 2019. However, SEFs should not take this focus on DCM examinations as a “hall-pass” to neglect their compliance activities; the DMO Priorities also note that the Compliance Branch intends to begin high-level regulatory consultations of SEFs during 2019 as a preliminary step in designing an examination program for SEFs. The DMO’s approach to SEF examinations is, in part, a reflection of the pending changes to SEF regulation that may be promulgated through the CFTC’s SEF rule proposal.

The DMO Priorities emphasize four foundational “pillars”: (i) effective communication between the DMO and regulated entities and market participants to increase awareness of the DMO’s priorities and areas of concern; (ii) a risk-based determination of priorities, focusing attention on key entities and subject areas; (iii) continuous improvement by the Compliance Branch in responsiveness to regulatory and market developments, thereby enhancing oversight of DCMs; and (iv) efficiency in the examination process.

Another foundation for the DMO Priorities are the findings from the Compliance Branch’s high-level review in 2018 of different aspects of the businesses of 11 DCMs (e.g., products and volume, investigations, disciplinary cases, incentive programs). The DMO Priorities note that 2019 examinations will focus on specific elements of a DCM’s self-regulatory program, as well as emerging areas of self-regulation. The 2018 review helped the Compliance Branch identify the following areas where a DCM’s self-regulatory program may be a target for in-depth examination in 2019: (i) cryptocurrency surveillance practices; (ii) surveillance for disruptive trading (including a DCM’s rules, surveillance practices, investigations, and disciplinary cases); (iii) trade surveillance practices; (iv) block trade surveillance practices; (v) market surveillance practices; (vi) practices around market maker and trading incentive programs; and (vii) a DCM’s relationship’s with and services received from regulatory service providers. Given the heavy emphasis on surveillance practices, DCM market participants should be aware that their practices may also come under scrutiny in the 2019 examinations. Surveillance is also a focus of the CFTC’s Division of Enforcement, as the first line of defense against market disruptive behavior, such as manipulation, spoofing, and wash trading. Regulated entities who do not meet the agency’s standards for adequate surveillance practices may face enforcement actions, particularly for a failure to supervise. Examinations in this area may result in referrals to the Enforcement Division if a firm’s systems and controls are found to be lacking.

In addition to highlighting particular topics for scrutiny in 2019 examinations, the DMO Priorities also indicate a plan to develop model/best regulatory practices across DCMs through conducting comparative examinations. Moreover, the DMO Priorities demonstrate an interest in fostering communication between the CFTC and regulated entities and, to further this communication, include plans for quarterly calls with large and medium-sized DCMs, and biannual calls with lower volume DCMs. This reflects the mission push for greater regulatory transparency.

The DCR examines derivative clearing organizations (“DCOs”), and where the DCO is designated as systemically important by the Financial Stability Oversight Council, the exams are performed in consultation with the Board of Governors of the Federal Reserve. The goal of DCR examinations is to identify areas of weakness or non-compliance that can impede an efficient clearing process. DCR examinations typically include review of a DCO’s financial resources, risk management, system safeguards and cyber-security policies, practices, and procedures.

Market Participants on Notice

For CFTC-regulated entities, the publication of the CFTC’s examination priorities presents an opportunity, rather than a threat. The notice of specific examination priorities for each of the CFTC’s regulatory Divisions may allow market participants to conduct an internal checkup of their systems and controls and begin to address any deficiencies before the CFTC examination. This gives regulated entities the opportunity to self-examine market surveillance programs, customer account practices, and general system safeguards to ensure they meet agency standards and are sufficiently robust to comply with CFTC regulations. A failure to make use of this opportunity could result in greater scrutiny from the CFTC’s Divisions, and potentially, a referral to the Division of Enforcement, raising the risk of fines and application of specific undertakings to address areas the agency finds deficient.

The Futures and Derivatives practice at Covington has deep expertise in assessing the adequacy of existing programs as well as implementing requisite new or revised policies and procedures. We are ready to assist firms seeking to take advantage of the opportunities presented by the publication of the CFTC’s examination priorities.

]]>President Trump Signs Executive Order on Artificial Intelligencehttps://www.covfinancialservices.com/2019/02/president-trump-signs-executive-order-on-artificial-intelligence/
Tue, 12 Feb 2019 18:55:52 +0000https://www.covfinancialservices.com/?p=8069Continue Reading]]>On February 11, 2019, President Trump signed an Executive Order (“EO”), “Maintaining American Leadership in Artificial Intelligence,” that launches a coordinated federal government strategy for Artificial Intelligence (the “AI Initiative”). Among other things, the AI Initiative aims to solidify American leadership in AI by empowering federal agencies to drive breakthroughs in AI research and development (“R&D”) (including by making data computing resources available to the AI research community), to establish technological standards to support reliable and trustworthy systems that use AI, to provide guidance with respect to regulatory approaches, and to address issues related to the AI workforce. The Administration’s EO is the latest of at least 18 other countries’ national AI strategies, and signals that investment in artificial intelligence will continue to escalate in the near future—as will deliberations with respect to how AI-based technologies should be governed.

Research and Development: The U.S. must drive technological breakthroughs in AI across the federal government, industry, and academia;

Standards and Resources: The U.S. must drive development of technical standards and reduce barriers to the safe testing and deployment of AI technologies;

Workforce: The U.S. must train current and future generations of American workers with the skills to develop and apply AI technologies;

Governance: The U.S. must foster public trust and confidence in AI technologies and protect civil liberties, privacy, and American values in their application; and

International Engagement: The U.S. must promote an international environment that supports American AI research and innovation and opens markets for American AI industries, while protecting the United States’ technological advantage in AI.

Prioritization of Federal Investment in AI R&D

Although the EO does not provide any additional funding to the AI Initiative, the EO does direct agencies that perform or fund R&D to prioritize AI in developing their budget proposals for Fiscal Year 2020 and beyond, and to consider administrative actions that can increase AI spending in 2019. The EO also directs relevant agencies to explore opportunities for collaboration with non-Federal entities, including the private sector, so that “all collaborators can benefit from each other’s investment and expertise in AI R&D.”

Access to Federal Data and the Use of Cloud Computing Resources

Importantly, the EO recognizes that significant, reliable data sources are critical to ensuring the development and success of AI technologies. Specifically, as explained by Michael Kratsios, the Deputy Assistant to the President for Technology Policy, the EO will increase access to federal data resources by “identifying high-priority federal data and models, improving public access to and the quality of federal AI data, and allocating high-performance and cloud computing resources to AI-related applications and R&D.” The government’s efforts to improve the “quality, usability, and appropriate access to priority data” must be made in accordance with the Administration’s prior “Cross-Agency Priority Goal: Leveraging Federal Data as a Strategic Asset” as described in the President’s Management Agenda of March 2018.

At the same time, the EO emphasizes that agencies should identify and consider any barriers to, or requirements associated with, increased access to such data, including privacy and civil liberties protections and safety and security concerns.

New Guidance for Regulations of AI Applications

The EO details several initiatives to promote public trust in the development and use of AI applications while fostering innovation. Specifically, the EO directs the OMB Director, in coordination with other key stakeholders, to issue within six months a memorandum for all agencies that will:

Inform the development of regulatory and non‑regulatory approaches regarding technologies and industrial sectors that are either empowered or enabled by AI; and

Consider ways to reduce barriers to the use of AI technologies in order to promote their innovative application.

In addition, the EO directs the National Institute of Standards and Technology (“NIST”) to issue a plan for developing “technical standards and related tools in support of reliable, robust, and trustworthy systems that use AI technologies.” The plan is meant to identify opportunities and challenges with respect to establishing U.S. leadership in the AI standards development space.

AI and American Workforce

The EO requires federal agencies that provide education funding to prioritize AI-related programs within existing federal fellowship and service programs. In addition, the Select Committee is required to confer with the NSTC Committee on STEM Education and provide technical expertise to the National Council for the American Worker with respect to AI-related educational and workforce development considerations.

Protection of America’s Advantage in AI Technologies

Referring to a new National Security Presidential Memorandum (“NSPM”) dated February 11, 2019 (“Protecting the United States Advantage in Artificial Intelligence and Related Critical Technologies”) (the “NSPM”), the EO directs the Assistant to the President for National Security Affairs to facilitate an “action plan” that will “protect the United States’ advantage in AI and AI technology critical to United States economic and national security interests against strategic competitors and adversarial nations.” This plan may be classified, in full or in part, and will be implemented by all agencies that receive the NSPM.

Next Steps

The EO is the latest, and most significant, step that the Administration has taken to make AI a priority from both an economic and a national security perspective—and federal agencies already are moving forward with implementation. On the same day as the EO’s signing, for example, Pentagon Chief Information Officer Dana Deasy announced that the military will unveil a new strategy for using AI on February 12th.

The EO provides opportunities for interested stakeholders to provide input with respect to its various components. In particular, opportunities will be made available in the following areas:

Data Access: Within 90 days, the OMB Director will publish a notice in the Federal Register soliciting requests regarding “access or quality improvements for Federal data and models that would improve AI R&D and testing;”

Governance: Within 180 days, OMB is scheduled to issue the memorandum regarding the development of regulatory and non-regulatory approaches with respect to AI. At some (unspecified) point before that, OMB is required to solicit public comment on a draft of the memorandum; and

Technical Standards: NIST is required to consult, as needed, with the private sector, academia, non-government entities, and other stakeholders regarding the agency’s plan for the development of technical standards for AI technologies.

]]>CFPB Releases Proposed Revisions to Payday Lending Rulehttps://www.covfinancialservices.com/2019/02/cfpb-releases-proposed-revisions-to-payday-lending-rule/
Fri, 08 Feb 2019 17:41:30 +0000https://www.covfinancialservices.com/?p=8064Continue Reading]]>On February 6, 2019, the Consumer Financial Protection Bureau (“CFPB” or “Bureau”) released its much-anticipated proposed amendments to the payday lending rule. The proposed revision is Kathy Kraninger’s first major regulatory initiative since becoming the director of the CFPB.

The Bureau issued two notices of proposed rulemaking that would (i) repeal the mandatory underwriting provisions in the payday lending rule and (ii) delay the compliance date for these provisions until November 19, 2020, which would allow the Bureau to consider comments and issue a final rule before the underwriting provisions take effect. The Bureau’s proposed revisions would not amend or delay the effective date of the payment provisions of the payday lending rule, although the preamble to one of the proposed rules makes clear that the Bureau may separately consider whether any revisions to the payment requirements are appropriate.

Underwriting Provisions

The Bureau’s first notice of proposed rulemaking would repeal the payday lending rule’s underwriting provisions, which, under 2017 Final Rule, would have required lenders to assess borrowers’ ability to repay, verify borrowers’ incomes, and furnish certain information regarding payday loans to registered information systems, among other things.

In describing the rationale behind these changes, the Bureau explained that it has preliminarily found that rescinding the underwriting provisions would increase consumer access to credit. The Bureau also questioned the robustness of the evidence underlying the 2017 Final Rule, including a 2013 study by Professor Ronald Mann that surveyed payday loan borrowers regarding how long they expected to take to pay back their loans. In the 2017 Final Rule, the CFPB drew conclusions about the study that Professor Mann himself disputed. In its proposed revision, the Bureau discussed the “clear limitations” of the data underlying the Mann study—including the fact that the study involved a single payday lender in only five states—and found that the study was not sufficiently robust or representative enough to allow the Bureau to draw the conclusions it had previously drawn about payday lenders and borrowers, particularly in light of the dramatic impact the underwriting provisions would have on the market for payday loans and on consumer access to credit.

The Bureau also parted ways with previous leadership’s interpretation of the legal theories underlying “unfairness” and “abusiveness.” In issuing the 2017 Final Rule, the Bureau found that the practice of making certain payday loans to borrowers without assessing the borrowers’ ability to repay was unfair. For an act or practice to be unfair under the Dodd-Frank Act, the act or practice must not be reasonably avoidable by consumers. The previous leadership took the position that, for an act or practice to be reasonably avoidable, borrowers must “have reasons generally to anticipate the likelihood and severity of the injury and the practical means to avoid it,” focusing on the “consumer perception of risk.” The preamble to the proposed rulemaking rejects this reasoning, citing Federal Trade Commission and court interpretations for the proposition that an injury is reasonably avoidable if consumers “have reason to anticipate the impending harm and the means to avoid it.” But the Bureau preliminarily concluded that “consumers need not have a specific understanding of their individualized likelihood and magnitude of harm such that they could accurately predict” the time it would take them to repay a payday loan.

The 2017 Final Rule also found that the practice of making certain payday loans to borrowers without assessing the borrowers’ ability to repay was abusive because it takes unreasonable advantage of the consumer’s lack of understanding and the consumer’s inability to protect their interests. Previous leadership interpreted “understanding” to require an understanding of the borrower’s individual likelihood of being exposed to the risks of the product and the severity of the costs and harms that may occur. In addition, previous leadership found that customers seeking payday loans “are financially vulnerable and have very limited access to other sources of credit” and thus are unable to protect their interests. In issuing the proposed amendments, the Bureau found previous leadership’s interpretations of the abusiveness factors to be too broad. For example, the Bureau preliminary concluded that the lack of understanding element of the abusiveness standard should be treated as similar to the not reasonably avoidable prong of the unfairness standard. Recognizing that “the elements of abusiveness do not have a long history or governing precedents,” the Bureau is seeking comment on how to interpret the abusiveness factors set forth in the Dodd-Frank Act. Comments received may also inform a forthcoming CFPB proposed rule that defines the abusiveness standard.

The Bureau issued an unofficial redline showing its proposed changes to the payday lending rule. Comments on this notice of proposed rulemaking are due 90 days from the date of publication in the Federal Register.

Compliance Date

The Bureau’s second notice of proposed rulemaking would delay the compliance date of the underwriting provisions from August 19, 2019, to November 19, 2020, at which point the underwriting provisions may have been repealed or substantially revised by a new final rule.

Comments on this notice of proposed rulemaking are due 30 days from the date of publication in the Federal Register.

Payment Provisions

The notices of proposed rulemaking do not amend or delay the effective date of the payment provisions of the 2017 Final Rule. The payment provisions prohibit certain lenders from making a new attempt to withdraw funds from an account after two consecutive attempts have failed without obtaining the customer’s consent for further withdrawals. The payment provisions also require lenders to provide written notice before the first attempt to withdraw payments from a customer’s account and, in certain situations, when subsequent attempts may be different (e.g., a different amount or payment channel).

Although the notices of proposed rulemakings would not repeal the payment provisions, the preamble to the first notice of proposed rulemaking makes clear that the Bureau “intends to examine these issues and if the Bureau determines that further action is warranted, the Bureau will commence a separate rulemaking initiative.”

The preamble also notes that the CFPB received a formal petition to exempt debit card payments from the payment provisions. Lenders have argued that there is no harm resulting from continued attempts to collect payment through a debit card, because when a lender attempts to withdraw a payment using a debit card and the borrower’s deposit account lacks the funds for the payment, the bank will deny the payment without imposing an insufficient funds (NSF) fee on the borrower.

Response to the Notices of Proposed Rulemaking

The Bureau’s proposals have been met with swift backlash from prominent Democratic lawmakers. For example, on the same day the proposal was released, Rep. Maxine Waters (D-Calif.) issued a statement urging “Director Kraninger to rescind this proposal and work on implementing a comprehensive federal framework — including strong consumer safeguards, supervision, and robust enforcement — to protect consumers from the cycle of debt.” The next day, Sen. Elizabeth Warren (D. Mass.) followed up with her own statement condemning the proposed revision, which, as reported by Politico, states that “[t]he rule you released today makes a mockery of the CFPB’s statutory mission of protecting consumers.”

The Community Financial Services Association of America, a trade association representing the payday lending industry that has sued to overturn the 2017 Final Rule, issued a statement to Politico that the Bureau’s revision didn’t go far enough, indicating that the association was “disappointed that the CFPB has, thus far, elected to maintain certain provisions of its prior final rule . . . .”

In his column, Senator Crapo emphasizes what he sees as the “incredibly positive” developments associated with the development of technology, including increasing consumer choice, inclusion, and economic prosperity. However, he also highlights the increasing prevalence of data breach incidents and the lack of transparency associated with “big data analytics, data aggregation, and other technologies that make use of consumer data.”

He concludes that “[i]n order to fully embrace the immense benefits that can result from technological innovation, we must ensure proper safeguards are in place and consumers are fully informed.” Because of this, “[d]ata privacy and data security legislation will remain a priority in the 116th Congress,” and the Senate Banking Committee in particular will explore solutions to “give consumers more control over and enhance the protection of consumer financial data.”

Senator Crapo’s column comes on the heels of several bills that have recently been introduced in the Senate to address data protection issues, from both Democrats and Republicans. In particular, Senator Marco Rubio (R.-Fla.) introduced a privacy bill in January, and Senators Amy Klobuchar (D.-Minn.) and John Kennedy (R-La.) reintroduced their bipartisan bill in this Congress. Senators Brian Schatz (D-Hawaii) and Ron Wyden (D.-Ore.) introduced proposals last session.

The outlines of a possible compromise are still coming into view, but a key issue in the debates over data protection legislation is likely to be whether the law would preempt California’s new California Consumer Privacy Act (“CCPA”). As we have previously discussed, amendments to the CCPA exempted broad categories of consumer financial data under an exemption for data collected, processed, sold, or disclosed pursuant to the Gramm-Leach-Bliley Act, making the CCPA much less onerous for financial services companies. However, the full breadth of that exemption has not yet been defined, and certain financial data will fall outside the exemption.

Legislators will likely also debate whether a federal law should include rights to data access, data correction, data deletion, and data mobility (i.e., the right to transfer personal information to another business), and, if so, what forms those rights should take.

Senator Crapo’s column underscores both that data protection legislation will be a major focus of this Congress, and also the important implications such legislation could have for financial services companies, including banks, credit reporting agencies, and other nonbank financial institutions.

]]>Overview of Fintech Regulation in the United Stateshttps://www.covfinancialservices.com/2019/01/overview-of-fintech-regulation-in-the-united-states/
Thu, 31 Jan 2019 14:35:15 +0000https://www.covfinancialservices.com/?p=8057Continue Reading]]>Innovation in financial services continues to move at a rapid pace. The significant increase in the number of fintech companies in recent years has highlighted a burgeoning market with significant economic potential, and a commercial need to create efficiencies and modernize the provision of financial products and services. Federal and state financial services regulators remain focused on fostering the growth of fintech companies, while simultaneously developing an appropriate regulatory framework for fintech activities that will ensure consumer protection.

We recently authored a chapter on fintech regulation in the United States as part of a global fintech guide published by Thomson Reuters. Each chapter provides an overview of the financial services and fintech sectors in that jurisdiction, including the regulatory environment for fintech in alternative finance, payments, securities, insurance, and blockchain activities; regulatory compliance issues; government initiatives; and the future of fintech.

Reproduced from Practical Law with the permission of the publishers. For further information, visit www.practicallaw.com.

]]>CFPB Announces Settlement with Broker of High-Interest Credit Offers to Veteranshttps://www.covfinancialservices.com/2019/01/cfpb-announces-settlement-with-broker-of-high-interest-credit-offers-to-veterans/
Tue, 29 Jan 2019 15:40:05 +0000https://www.covfinancialservices.com/?p=8055Continue Reading]]>On January 23, 2019, the CFPB announced a settlement with Mark Corbett following an investigation by the Bureau, the Arkansas Attorney General, and the South Carolina Department of Consumer Affairs into Mr. Corbett’s brokerage of contracts offering high-interest credit to veterans. As detailed in the consent order, Mr. Corbett facilitated high-interest contracts between veterans and investors marketed as purchases of the veterans’ future pension and disability payments. Pursuant to the contracts, veterans would receive a lump-sum payment from investors in an amount ranging from a few thousand to tens of thousands of dollars, and would then be obligated to repay the investors by assigning to the investors all or part of the veterans’ pension or disability payments. The repayment obligations typically lasted from five to ten years, and resulted in a repayment amount far greater than the initial lump-sum payment.

The Bureau found Mr. Corbett violated Sections 1031 and 1036 of the Consumer Financial Protection Act of 2010 (“CFPA”) by: (i) misrepresenting to consumers that the contracts were valid and enforceable when, in fact, the contracts were void because the veterans’ pension payments are unassignable under federal law; (ii) misrepresenting to consumers that the contracts involved a purchase of payments rather than high-interest credit; (iii) misrepresenting to consumers when they would receive funds under the contracts; and (iv) failing to disclose to consumers the applicable interest rate for the credit offered by the contracts.

The consent order permanently restrains Mr. Corbett from brokering, offering, and arranging contracts between veterans and third parties under which the veteran purports to sell a future right to an income stream in the veteran’s pension or disability payments. The consent order also requires Mr. Corbett to pay a civil money penalty of $1 to the Bureau, an amount based upon sworn financial payments submitted by Mr. Corbett indicating an inability to pay.

Mr. Corbett consented to the issuance of the consent order without admitting or denying any of the findings of fact or conclusions of law, except that he admitted the facts necessary to establish the Bureau’s jurisdiction over him and the subject matter of the action.

Consumer advocates criticized the settlement for the low amount of the civil money penalty. The Center for Responsible Lending issued a statement criticizing “the Trump-appointed political leadership at the CFPB” for “letting a person who preyed on veterans get away with a slap on the wrist.”

]]>The Latest Brexit Chaos: What Does it Mean for Derivatives Markets?https://www.covfinancialservices.com/2019/01/the-latest-brexit-chaos-what-does-it-mean-for-derivatives-markets/
Mon, 28 Jan 2019 22:00:11 +0000https://www.covfinancialservices.com/?p=8050Continue Reading]]>The past few weeks have been chaotic for both Brexit negotiations and U.K. politics overall. On January 15, 2019, British Prime Minister Theresa May’s Brexit plan succumbed to historic defeat in Parliament. Brexit watchers expected a defeat but the record margin of 432 votes against, and 202 votes for, was still shocking. On January 16, 2019, the Prime Minister narrowly survived a vote of no-confidence in her government. On Monday, she submitted to Parliament a Plan B for Brexit with a vote on such plan scheduled for tomorrow, January 29th. Against this backdrop of upheaval and uncertainty, derivatives markets must still function and, over the past few months, the European Commission ( the “EC” or the “Commission”) has taken steps to mitigate the negative impacts of a possible no-deal Brexit. Nevertheless, issues and market concerns remain.

No Deal Brexit and the Limits of EU Equivalence

If anything, recent activities in the U.K. have heightened expectations of a no-deal Brexit. For months now, investors and advisors, particularly those in the U.K., have been flagging concerns about the impact of Brexit on the derivatives industry, including fragmented markets and liquidity shortfalls.

Facing such risks to the multi-trillion-dollar derivatives market and attendant long-term impacts on its economy, the EC announced on December 12 that it would adopt an equivalence decision to address some, but not all, of the issues associated with a no-deal Brexit. The EC stated it will issue temporary licenses to clearinghouses, recognizing U.K. laws as “equivalent” to EU standards, to ensure that derivatives markets will continue to function with minimal disruption.

Without recognition or equivalence in a no-deal Brexit, EU clients would be cut off from London-based clearinghouses, including ICE Clear Europe, LCH Ltd., and London Metal Exchange’s LME Clear, which are among the most important global clearinghouses.

But the decision sets forth stringent conditions for granting such temporary “equivalence” and subsequent market access to EU customers. It requires that the European Securities and Markets Authority (“EMSA”) to have access to “all information requested” on an “on-going” basis. Under the decision, ESMA can share the information with the European Central Bank and continued clearing approval is dependent upon certain requirements being met.

In addition to the relief granted to U.K. clearinghouses, U.K.-based security depositories will get a 24-month reprieve as a part of the equivalence decision. The Commission also determined it would temporarily exempt investors clearing OTC derivatives from obligations under EMIR to allow them to move such trades from the U.K. to the EU without additional costs or a change of status.

Issues that Remain: Exchange Equivalence

Despite the positive outcomes of the equivalence decision, issues remain. The temporary equivalence that was granted to U.K.-based clearinghouses was not extended to U.K.-based exchanges. EU regulation defines exchange-traded derivatives as instruments traded on an EU-regulated market or on a recognized third-country venue. If the U.K. leaves with no deal, London-based markets would constitute unrecognized third-country venues. Without equivalence from the EC, a listed futures contract opened by a EU bank or corporation in London will be abruptly reclassified as an OTC derivative after March 29, 2019.

With such a reclassification, a user of such a contract would incur higher margin requirements and may be subject to tougher reporting obligations for a user that would normally be exempt from such activity. The distinction matters because of the different regimes that apply to listed and OTC derivatives – the trade details that have to be reported, for example, are different. In addition, determinations about which derivatives users have to clear their swaps are based on OTC notional thresholds; if exchange-traded contracts are added to these totals, some firms that do not currently clear may find they are suddenly required to do so. Trades used for hedging are exempt from this reclassification, as are small derivatives users that are not banks.

Further Relief is Not Forthcoming

Market watchers believe hopes for relief at this late stage may be in vain, especially considering the EC has been warning the market to prepare for over a year. As further evidenced by recent events, all Brexit-related negotiations have been intensely political, with the EC’s equivalence decision applying only to the most systemically pressing concerns instead of ensuring a whole market solution. As European and British regulators continue their conflict, market participants can only watch on wearily.

]]>New Guidelines to Assist in Designing Secure Platforms for Processing Payment Transactionshttps://www.covfinancialservices.com/2019/01/new-guidelines-to-assist-in-designing-secure-platforms-for-processing-payment-transactions/
Wed, 23 Jan 2019 19:40:53 +0000https://www.covfinancialservices.com/?p=8045Continue Reading]]>On January 17, 2019, the Payment Card Industry Security Standards Council (the “Council”), a payment industry association, released a new framework for PCI software security – the PCI Software Security Framework – to assist companies in designing and maintaining secure software for processing payment transactions. The framework includes two standards: the PCI Secure Software Standard and the PCI Secure Software Lifecycle Standard. Both Standards are aimed at staying ahead of rapid developments in payment applications.

The Framework as a whole introduces objective-based security practices that can support existing ways to demonstrate strong application security and a variety of newer payment platforms and development practices. Troy Leach, the Council’s chief technology officer, underscored the Framework’s importance and said that it “provides assurance to users of the software that as development practices evolve, the payment applications they rely upon will remain independently evaluated for security vulnerabilities.” Later this year, the Council will introduce a tool for businesses to validate their payment systems against the Framework.

The PCI Secure Software Standard includes security requirements and assessment procedures to ensure payment software adequately protects the integrity and confidentiality of payment transactions and data. The Standard identifies key security principles such as sensitive data protection, access control, and attack detection. The Secure Software Standard is intended for payment software that is sold, distributed, or licensed to third parties for the purpose of supporting or facilitating payment transactions. However, the Council also encourages organizations that develop payment techniques in-house to utilize these same practices.

The Secure Software Lifecycle Standard outlines requirements and procedures for software vendors to validate their processes for properly managing the security of payment software throughout its lifecycle..” Key aspects of the Standard include addressing “governance, threat identification, vulnerability detection and mitigation, security testing, change management, secure software updates and stakeholder communications.” Both Standards were developed with input from industry participants, including software vendors, assessors and other payment security experts.

The new guidelines replace the Council’s existing Payment Application Data Security Standard (“PA-DSS”). PA-DSS focused on software development and lifecycle management principles for security in traditional payment software. The new guidelines are an advancement beyond the PA-DSS to address overall software security resiliency. The PA-DSS will be retired in 2022, and payment applications will be assessed under the PCI Software Security Framework at that time. There will be a transition period for current investments in PA-DSS until its expiration in 2022.

]]>New York State Passes Legislation to Form a Cryptocurrency Task Forcehttps://www.covfinancialservices.com/2019/01/new-york-state-passes-legislation-to-form-a-cryptocurrency-task-force/
Tue, 22 Jan 2019 18:27:35 +0000https://www.covfinancialservices.com/?p=8042Continue Reading]]>New York has enacted the Digital Currency Study Bill, which will establish a digital currency task force and provide the governor and the state legislature information “on the effects of the widespread use of cryptocurrencies and other forms of digital currencies and their ancillary systems in the state.” The task force will conduct an extensive review of the blockchain industry in New York (with an emphasis on cryptocurrency exchanges), while analyzing the laws and regulations of other states, the federal government, as well as foreign countries. In particular, the task force will provide legislative and regulatory recommendations to “increase transparency and security, enhance consumer protections, and to address the long term impact related to the use of cryptocurrency.” The task force will submit their findings by December 15, 2020.

This legislation is the latest step by New York to understand and regulate cryptocurrency as well as the blockchain industry. Clyde Vanel, the primary sponsor for this bill and the Chair of the Subcommittee on Internet and New Technologies of the New York Assembly, stated that “the task force of experts will help us strike the balance between having a robust blockchain industry and cryptocurrency economic environment while at the same time protecting New York investors and consumers.”

New York is not the first state to establish such a task force. In September 2018, the California state legislature passed a bill that will establish a working group to discuss the potential applications of blockchain technology and how such technology will affect businesses, the government, and other social purpose organizations. The bill also, for the first time in California, defines blockchain technology as “a mathematically secured, chronological, and decentralized ledger or database.”[1]

[1] The full text of the bill (Assembly Bill 2658) is at https://legiscan.com/CA/text/AB2658/id/1821719. On the same day Bill 2658 was passed, Governor Jerry Brown also signed into law Senate Bill 838, which authorizes a corporation or a social purpose corporation (i.e., public interest groups) to maintain certain corporate records by means of blockchain technology, including the transfer of stock certificates. Different from its prior draft versions, the passed Senate Bill 838 does not address issues related to smart contracts, or recognize the legality of data stored on a blockchain in general.